A remote attacker can craft a malicious hostname to execute arbitrary commands on a system using dbclient if the hostname is passed without proper sanitization.